From e77e7b165ac4920290015ec4b95e651730009edc Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Mon, 8 Jun 2020 15:27:31 +0200
Subject: Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Signed-off-by: David Mehren
---
public/js/locale.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'public/js/locale.js')
diff --git a/public/js/locale.js b/public/js/locale.js
index 71c0f99f..670370d4 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
 locale.change(function () {
 Cookies.set('locale', $(this).val(), {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
 })
 window.location.reload()
 })
-- 
cgit v1.2.3
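Review bot: The options object passed to `Cookies.set('locale', ...)` gains `sameSite: 'strict'` but still has no `secure` attribute, so on an HTTPS deployment the locale cookie can still be sent and overwritten over plain HTTP. If the app must also keep working on HTTP-only installs, a conditional such as `secure: window.location.protocol === 'https:'` next to the new line would cover both cases. A short comment above the options, e.g. `// SameSite=Strict: the locale cookie is only needed on same-site requests`, would record why the attribute is there. Strict also withholds the cookie on the first request after a cross-site link, which matters only if the server reads the locale from it; that is not visible in this hunk.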